Timestamp:
29/01/10 14:07:36 (11 years ago)
Author:
pjkersha
Message:
  • #1088 Important fix to AuthnRedirectResponseMiddleware to set redirect ONLY when SSL client authentication has just succeeded in the upstream middleware AuthKitSSLAuthnMiddleware. This bug was causing the browser to redirect to the wrong place following OpenID sign in in the case where the user is already logged into their provider and selects a new relying party to sign into.
    • Improvements to Provider decide page interface: leave out messages about attributes that the provider can't retrieve for the RP. Also included NDG style help icon.
Location:
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test
Files:
4 added
4 edited

  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeCertificateLog/ac.xml

    r6290 r6440  
    99        <userId>ndg-user</userId> 
    1010        <validity> 
    11             <notBefore>2010 01 11 15 49 07</notBefore>  
    12             <notAfter>2010 01 11 23 49 07</notAfter>  
     11            <notBefore>2010 01 20 08 54 54</notBefore>  
     12            <notAfter>2010 01 20 16 54 54</notAfter>  
    1313        </validity> 
    1414        <attributes> 
     
    3333        <provenance>original</provenance>  
    3434    </acInfo> 
    35 <ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xmlns"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>cs742SaTEW8PS3CCXsxLO6MicaE=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Z2CdNfHi6XVUdUMKWZMvEzd2vBLJebd4NEfnetyfEAHjhZosiZ6ladn4p+tgnUXZ2ZdtnpYE3j44 
    36 F1ceowUA5DWxaS2Gs1jhWXTZYAkgohwH9ZUUEwiN7Rtj/C8aMB0aAjxHI/X5U/J/Lrriw0MrIQ1r 
    37 oA0AIRrGA9YByOVP1jY=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICBTCCAW6gAwIBAgICAP0wDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
     35<ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xmlns"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>s1dB/p8Cl1SmY0/Jcq+2z2biXHs=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Sw36kLKRjSro9409KGZ5YPsQrU9FcvkzwO5n3WJ1WQkgDTS2IhGHCW5OB64bL8e3Ub3gdM1WlHC4 
     36ybGYfPOuuVfQ4ZHHfLqQMWA9p5ALRmUTAglSt9/uTPYzc8yk7wCWHNYqMDVPHbHwy5MWyAToCHGx 
     37rqJRs9WgozMJMugslJk=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICBTCCAW6gAwIBAgICAP0wDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
    3838MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNTE2MzUy 
    3939NFoXDTEzMTIxNDE2MzUyNFowSjEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 
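
Review bot: The only changes in ac.xml are the `notBefore`/`notAfter` timestamps at lines 11-12 and the regenerated `DigestValue`/`SignatureValue` at line 35, which suggests this file under `attributeCertificateLog/` is output rewritten on each test run rather than a hand-maintained fixture. If so, take it out of version control (or ignore it) so unrelated commits stop carrying signature churn. If tests do read it, note that the new validity window is eight hours on 2010 01 20, so any check against the current time will fail after that.
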
  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/openidrelyingparty/public/layout/default.css

    r6127 r6440  
    1 /* Following information on http://css.maxdesign.com.au/floatutorial/tutorial0816.htm */ 
    2 /* Entire Page Contents */ 
     1/* 
     2* NDG Security OpenID Provider and Relying Party Stylesheet 
     3*/ 
    34 
    45body, html { 
    5         margin: 0; 
    6         padding: 0; 
    7         border: 0; 
    8         background-color: #eee; 
    9         color:#333333; 
    10         font-family:Verdana, Arial, Helvetica, sans-serif; 
    11         line-height:1.4; 
    12         font-size:small; 
     6    margin: 0; 
     7    padding: 0; 
     8    border: 0; 
     9    background-color: #eee; 
     10    color:#333333; 
     11    font-family:Verdana, Arial, Helvetica, sans-serif; 
     12    line-height:1.4; 
     13    font-size: small; 
    1314} 
    1415 
    15 body { 
    16  
     16.helptxt { 
     17    font-size: smaller;  
     18    background-color: #e6f0f8; 
    1719} 
    1820 
    1921 
     22div.hidden { 
     23    display: none; 
     24} 
     25 
     26.helpicon 
     27{ 
     28    cursor:help; 
     29} 
     30 
     31/* 
     32* Provider Attribute Exchange Request parameters 
     33*/ 
     34#opAXRequestedAttributes { 
     35    width: 100%; 
     36    border-collapse: collapse; 
     37    background-color: #e6f0f8; 
     38    table-layout: auto; 
     39    margin-top:10px;  
     40    margin-bottom: 20px;  
     41} 
     42 
     43#opAXRequestedAttributes td, #opAXRequestedAttributes th  
     44{ 
     45    font-size:0.9em; 
     46    border:1px solid #ffffff; 
     47    padding:3px 7px 2px 7px; 
     48} 
     49 
     50#opAXRequestedAttributes th  
     51{ 
     52    font-size:1.0em; 
     53    text-align:left; 
     54    padding-top:5px; 
     55    padding-bottom:4px; 
     56    background-color: #cedbe5; 
     57    color: #333; 
     58} 
     59 
    2060 
    2161/* Top Banner Div */ 
    22  
    2362#header { 
    2463    color: #8c8c8c; 
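
Review bot: Brace placement is inconsistent in the rules added at lines 16-58: `.helptxt {` and `#opAXRequestedAttributes {` open on the selector line, while `.helpicon` and the `#opAXRequestedAttributes td`/`th` rules put the brace on its own line. Pick one style for the file. The attribution comment for the float tutorial was also dropped at line 1; keep it if the layout still derives from that source.
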
     
    3170    clear: both;  
    3271    margin-top:10px;  
    33 /*    border: solid #555555;*/ 
    3472    border: solid #8c8c8c; 
    3573    border-width: 0 0 2px 0; 
     
    4684} 
    4785 
    48 .searchBar {margin-top: 2px; background-color:  #f0f0f0; } /* Change this color and you need to change the color in the pagetab current */ 
    49 .searchBar table {padding-left:10px; padding-bottom:0px; margin:0px;font-weight:bold;} 
    50 .searchBar .hidden {display:none} 
    51 /* .searchOneLine {margin-top: 2px; margin-bottom: 2px; background-color: #f0f0f0; text-align:right; font-size:100%;} */ 
    52  
    53 #Header {color: black; background-color: white; text-align: center; margin-bottom: 10px; padding-top: 3px; padding-right: 0px; padding-left: 0px; padding-bottom: 0px; font-size: medium; font-weight:bold; color:white} 
    54 #Header table {margin:0px; padding:20px;} 
    55  
    56 /* Main Tabs First Cut */ 
    57 /* Reminder: top, right, bottom, left */ 
    58 #PageTabs {margin: 5px 0px 0px 0px; line-height:normal;border: solid black; border-width: 0px 0px 0px 0px;} 
    59 #PageTabRow {width:100%; } 
    60 #PageTabRow ul {margin:0 0 0 10px; padding:0; list-style:none; } 
    61 #PageTabRow li {float:left; margin-right:10px; padding: 2px 10px; border: solid black; border-width:1px 1px 0px 1px; } 
    62 #PageTabRow li.current {position:relative; top:1px; background-color: #f0f0f0; } /* color should be same as searchBar! */ 
    63 #PageTabRow li.hidden {} 
    64 #PageTabRow a {display:block; text-decoration:none;} 
    65 .line {border-top: 1px solid black; clear:both;} 
    66  
    67  
    68 /* In page tabs */ 
    69 /* Reminder: top, right, bottom, left */ 
    70 .InPageTabs {margin: 5px 20px 0px 20px; line-height:normal; border: solid black; border-width: 0px 0px 0px 0px;} 
    71  
    72 .InPageHdr ul {margin:0 0 0 10px; padding:0; list-style:none; } 
    73 .InPageHdr li {float:left; margin-right:10px; padding: 2px 10px; border: solid black; border-width:1px 1px 0px 1px; } 
    74 .InPageHdr li.current {position:relative; top:1px; background-color: #f0f0f0; } /* color should be same as searchBar! */ 
    75 .InPageHdr li.hidden {} 
    76 .InPageHdr a {display:block; text-decoration:none;} 
    77 .InPageContent {border:1px solid black; clear: both;} 
    78 .InPageContent ul {list-style:none;} 
    79 .InPageContent .hidden {display:none;} 
    80 /* Left Column if Necessary */ 
    81  
    82 #Left{ WIDTH: 220px; FLOAT: left; margin-bottom: 10px; margin-right:10px;margin-left:5px;} 
    83 .tabhdr { margin-top:5px; float:left; line-height:normal;} 
    84 .tabhdr ul {margin:0; padding:0; list-style:none;} 
    85 .tabhdr a:link {display:block; text-decoration:none; color:black; float:left; width:5em;} 
    86 .tabhdr li {margin:0;} 
    87 .tabhdr li.current {float:left; margin-right:3px; padding:2px 10px; background-color:#f0f0f0;  
    88                     border-top: 1px solid #3c78b5; border-right: 1px solid #3c78b5; border-left: 1px solid #3c78b5; position:relative;top:1px;} 
    89 .tabhdr li.hidden {float:left; margin-right:3px; padding:2px 10px; 
    90     border-left:1px solid #3c78b5; border-right:1px solid #3c78b5; border-top:1px solid #3c78b5; } 
    91 .tabcontent {padding:2px 10px; background: #f0f0f0; clear:both; border:1px solid #3c78b5;} 
    92 .tabcontent ul {list-style:none; font-size:50%; margin-left:0; padding-left:0; } 
    93 /* Main Content */ 
    94  
    95 #contents  {border-left: 1px solid #3c78b5;} 
    96 #contentsRight  {border-left: 1px solid #3c78b5; margin-left:250px;} 
    97  
    98 .error {display:block;text-align:center;font-size:150%;background-color:red; padding:10px;} 
    99  
    100 /* The following is the css associated with pretty printing xml */ 
    101 .xmlDoc {font-size:80%} 
    102 .xmlElem {PADDING-LEFT: 20px;} 
    103 .xmlAttrVal {COLOR:Red; } 
    104 .xmlAttrTyp {COLOR:Green; } 
    105 .xmlElemTag {COLOR:Blue; } 
    106 .highlight {BACKGROUND-COLOR:Yellow; } 
    107 .ndgem {FONT-WEIGHT: bold} 
    108  
    109 /* This is the "metadata" css */ 
    110 .metadata {PADDING-LEFT: 20px; font-size:80%; padding-right:20px;} 
    111 #Corrections {PADDING-LEFT:20px; font-size:80%; padding-right:20px;} 
    112 .metadata #keywords {COLOR: Blue; FONT-SIZE:120%; FONT-WEIGHT:bold;} 
    113 .metaentry {COLOR: Black} 
    114 .metadata .hidden {display:none} 
    115  
    11686/* We don't want borders on linked images */ 
    11787a img {border: none;} 
    11888 
    119 /* StubB */ 
    120 .headingblock{background-color: #f0f0f0;border: 1px solid #3c78b5; margin:10px 60px 20px 50px; padding-top:5px;} 
    121 /* .bottomblock{border: 1px solid #3c78b5; margin-left:5px;margin-right:5px;padding:5px;}*/ 
    122  
    123 .heading { 
    124     font-size: 140%; 
    125     font-weight: bold; 
    126     color: #003366; 
    127     padding: 4px; 
    128     text-align:center; 
    129     } 
    130      
    131    
    132 /* top right bottom left */ 
    133 .metadata #abstract {MARGIN: 5px 20px 10px 20px; font-size:100%;  padding: 8px 8px 8px 8px; text-align:justify;}  
    134 .metadata h4 {font-size: 120%; 
    135     line-height: normal; 
    136     font-weight: bold; 
    137     color: #003366; 
    138     padding: 2px 2px 2px 2px; 
    139     margin: 0px 0px 4px 0px; 
    140 } 
    141 .metadata table {padding-top:10px;} 
    142  
    143 .linehead { 
    144     font-size: 120%; 
    145     line-height: normal; 
    146     font-weight: bold; 
    147     background-color: #f0f0f0; 
    148     color: #003366; 
    149     border-bottom: 1px solid #3c78b5; 
    150     padding: 2px 2px 2px 2px; 
    151     margin: 0px 0px 4px 0px; 
    152 } 
    153 .emphatic {font-size: 120%; 
    154     line-height: normal; 
    155     font-weight: bold; 
    156     background-color: #f0f0f0; 
    157     color: #003366; 
    158     border-bottom: 1px solid #3c78b5; 
    159     padding: 2px 2px 2px 2px; 
    160     margin: 0px 0px 4px 0px; 
    161     } 
    162 .rowhead { 
    163     font-size: 100%; 
    164     font-weight: bold; 
    165     border-bottom: 1px solid #3c78b5; 
    166     } 
    167 .cellhead { font-size: 100%; font-weight: bold;}  
    168  
    169 .ndgem {font-weight:bold} 
    170 tr.rowlo {background: #eeeeee; 
    171 border-top:1px; 
    172 border-bottom:1px; 
    173 border-bottom-color:#FFFFFF; 
    174 border-top-color:#000000; 
    175 } 
    176 tr.rowhi { 
    177 border-top:1px; 
    178 border-bottom:1px; 
    179 border-bottom-color:#FFFFFF; 
    180 border-top-color:#000000; 
    181 } 
    182  
    183 /* Selection page */ 
    184  
    185 .gsummary .hidden {display: none} 
    186  
    187  
    18889/* And now the footer */ 
    189 #Footer { 
     90#footer { 
    19091    color: #ffffff;  
    19192    background-color: #003153;  
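
Review bot: Renaming `#Footer` to `#footer` at line 90 only works if every template that uses this stylesheet carries `id="footer"` in the same case, since ID selectors are matched case-sensitively in standards mode. Confirm the templates were updated in the same changeset, and that no remaining markup relied on the removed `.hidden` rules scoped to `.searchBar`, `.InPageContent`, `.metadata` and `.gsummary`, because the replacement added earlier in the file matches `div.hidden` only.
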
     
    212113} 
    213114 
     115/* 
     116* Provider Login 
     117*/ 
     118#loginForm { 
     119    margin-bottom: 50px;  
     120    padding-top: 0px;  
     121    padding-right: 10px;  
     122    padding-left: 10px;  
     123    clear: both;  
     124    margin-top:25px;  
     125} 
     126 
     127/*  
     128* Provider Decide Page form Content  
     129*/ 
     130#decideFormContent { 
     131    margin-top:25px;  
     132    margin-bottom: 50px;  
     133    padding-top: 0px;  
     134    padding-right: 10px;  
     135    padding-left: 10px;  
     136    border-width: 0 0 2px 0; 
     137    clear: both;  
     138} 
     139 
     140/*  
     141* Provider - display user OpenID in decide page interface  
     142*/ 
     143#identityUriBox { 
     144    font-size:0.9em; 
     145    color: black; 
     146    background-color: #e6f0f8; 
     147    margin-top:10px;  
     148    margin-bottom: 20px;  
     149    padding-top: 10px;  
     150    padding-right: 10px;  
     151    padding-left: 7px;  
     152    padding-bottom: 10px; 
     153} 
     154 
     155/* 
     156* Provider Main page 
     157*/ 
     158#mainPageContent { 
     159    margin-top:25px;  
     160    margin-bottom: 50px;  
     161    padding-top: 0px;  
     162    padding-right: 10px;  
     163    padding-left: 10px;  
     164    border-width: 0 0 2px 0; 
     165    clear: both;  
     166} 
     167 
     168/* 
     169* Provider - error page 
     170*/ 
     171#errorContent { 
     172    margin-top:25px;  
     173    margin-bottom: 50px;  
     174    padding-top: 0px;  
     175    padding-right: 10px;  
     176    padding-left: 10px;  
     177    border-width: 0 0 2px 0; 
     178    clear: both;  
     179} 
     180 
    214181#message { 
    215182    color: #8c8c8c; 
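
Review bot: `#decideFormContent`, `#mainPageContent` and `#errorContent` (lines 130-179) have identical declarations and should be one grouped rule. Their `border-width: 0 0 2px 0;` also draws nothing, because none of the three sets a `border-style`; either add a `border: solid ...;` declaration as the rule at lines 72-73 does, or drop the line.
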
     
    223190    border-radius: 10px 10px; 
    224191    margin: 20px; 
    225     /*padding: 10px 20px;*/ 
    226192} 
  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini

    r6276 r6440  
    123123 
    124124openid.relyingparty.baseURL = %(authkit.openid.baseurl)s 
    125 openid.relyingparty.idpWhitelistConfigFilePath = %(here)s/openidrelyingparty/ssl-idp-validator.xml 
     125#openid.relyingparty.idpWhitelistConfigFilePath = %(here)s/openidrelyingparty/ssl-idp-validator.xml 
    126126openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.genshi.GenshiSigninTemplate 
    127 #openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public 
     127openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public 
    128128openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s 
    129129openid.relyingparty.signinInterface.initialOpenID = %(openIDProviderIDSelectURI)s 
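
Review bot: Line 125 comments out `openid.relyingparty.idpWhitelistConfigFilePath`, which by its name and the `ssl-idp-validator.xml` target switches off the relying party's IdP whitelist check, and the commit message does not mention it. If this was disabled for local testing, restore it before merge; if it is intentional, say why in a comment next to the setting so this integration config does not become the template for a deployment without provider validation.
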
     
    176176# specified - see commented out entry for firstName below.  The number of 
    177177# attributes for each attribute name defaults to 1 unless otherwise set 
    178 authkit.openid.ax.typeuri.firstName=http://openid.net/schema/namePerson/first 
    179 authkit.openid.ax.alias.firstName=firstName 
    180 #authkit.openid.ax.count.firstName=1 
     178#authkit.openid.ax.typeuri.firstName=http://openid.net/schema/namePerson/first 
     179#authkit.openid.ax.alias.firstName=firstName 
     180##authkit.openid.ax.count.firstName=1 
    181181#authkit.openid.ax.required.firstName=True 
    182 authkit.openid.ax.typeuri.lastName=http://openid.net/schema/namePerson/last 
    183 authkit.openid.ax.alias.lastName=lastName 
    184 authkit.openid.ax.required.lastName=True 
    185 authkit.openid.ax.typeuri.emailAddress=http://openid.net/schema/contact/internet/email 
    186 authkit.openid.ax.alias.emailAddress=emailAddress 
    187 authkit.openid.ax.required.emailAddress=True 
    188  
     182#authkit.openid.ax.typeuri.lastName=http://openid.net/schema/namePerson/last 
     183#authkit.openid.ax.alias.lastName=lastName 
     184#authkit.openid.ax.required.lastName=True 
     185#authkit.openid.ax.typeuri.emailAddress=http://openid.net/schema/contact/internet/email 
     186#authkit.openid.ax.alias.emailAddress=emailAddress 
     187#authkit.openid.ax.required.emailAddress=True 
     188 
     189# ESG Gateway requested parameters 
     190authkit.openid.ax.typeuri.uuid:http://openid.net/schema/person/guid 
     191authkit.openid.ax.alias.uuid=uuid 
     192authkit.openid.ax.typeuri.username:http://openid.net/schema/namePerson/friendly 
     193authkit.openid.ax.alias.username=username 
     194authkit.openid.ax.typeuri.firstname:http://openid.net/schema/namePerson/first 
     195authkit.openid.ax.alias.firstname=firstname 
     196authkit.openid.ax.required.firstname:True 
     197authkit.openid.ax.typeuri.middlename:http://openid.net/schema/namePerson/middle 
     198authkit.openid.ax.alias.middlename=middlename 
     199authkit.openid.ax.typeuri.lastname:http://openid.net/schema/namePerson/last 
     200authkit.openid.ax.required.lastname:True 
     201authkit.openid.ax.alias.lastname=lastname 
     202authkit.openid.ax.typeuri.email:http://openid.net/schema/contact/internet/email 
     203authkit.openid.ax.required.email:True 
     204authkit.openid.ax.alias.email=email 
     205authkit.openid.ax.typeuri.gateway:http://www.earthsystemgrid.org/gateway 
     206authkit.openid.ax.alias.gateway=gateway 
     207authkit.openid.ax.typeuri.organization:http://openid.net/schema/company/name 
     208authkit.openid.ax.alias.organization=organization 
     209authkit.openid.ax.typeuri.city:http://openid.net/schema/contact/city/home 
     210authkit.openid.ax.alias.city=city 
     211authkit.openid.ax.typeuri.state:http://openid.net/schema/contact/state/home 
     212authkit.openid.ax.alias.state=state 
     213authkit.openid.ax.typeuri.country:http://openid.net/schema/contact/country/home 
     214authkit.openid.ax.alias.country=country 
    189215 
    190216[filter:SSLCientAuthnRedirectResponseFilter] 
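
Review bot: The new ESG Gateway entries at lines 190-214 mix `:` and `=` as the key/value delimiter (`typeuri` and `required` use `:`, `alias` uses `=`); use `=` throughout to match the rest of the file. The aliases also change from `firstName`/`lastName`/`emailAddress` to `firstname`/`lastname`/`email`, so anything reading the returned attributes by the old alias needs updating. The request grows from three attributes to eleven, of which only three are marked required; trim the list to what the relying party actually consumes.
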
  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/sslclientauthnmiddleware/test_sslclientauthn.py

    r6069 r6440  
    2525from ndg.security.common.utils.configfileparsers import \ 
    2626                                                    CaseSensitiveConfigParser 
    27 from ndg.security.common.m2CryptoSSLUtility import HTTPSConnection 
     27from ndg.security.common.utils.m2crypto import HTTPSConnection 
    2828 
    2929 
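
Review bot: The import move to `ndg.security.common.utils.m2crypto` at line 27 is the only visible change to this test module, so the redirect fix described in the commit message has no accompanying test here. Add a case asserting that no redirect is set when SSL client authentication has not just succeeded upstream, and check that nothing else still imports `ndg.security.common.m2CryptoSSLUtility`.
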